Check out how you can help fight COVID-19!

The Darker Side of Crowdsourcing

BY NICK | 3 min read

Last year, the FBI found a backdoor.

After attempting to use the All Writs Act to compel the company Apple to hack into the iPhone of Syed Rizwan Farook (of the San Bernardino shooting investigation), the FBI solicited an alternative. You might have called it an “incentive competition."

Apple CEO, Tim Cook released an open letter on February 17th, 2016:

“The FBI may use different words to describe this tool, but make no mistake: building a version of iOS that bypasses security in this way would undeniably create a backdoor… And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

“Ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”

With this powerful statement, it became obvious to the US government as well as its citizens, that this was an event which would define principles and set precedents with widespread implications. 

None the less, bureaucracy wants what it wants. 

Who you gonna call? 

In the world of hackers, there are two dominant camps: “White Hats" are the paid technicians and motivated hobbyists who discover and disclose vulnerabilities in hardware and software, alerting the responsible entities to their products’ issues so that the organization may correct the problem. Generally, the actions of White Hats are perceived as ethical. 

“Black Hats” are the notorious identity thieves, also the extortionists, pranksters, the crashers, the launderers, the embezzlers. Generally, the actions of Black Hats are perceived (understandably) as unethical.

But, there is a third camp: “Grey Hats” as you might imagine, operate in a grey-area where their actions are not easily distinguishable as strictly ethical or unethical. Unlike “White Hats” their services are not offered up freely, or as a full-time employee. Unlike “Black Hats,” they do not necessarily steal or extort. More mercenary than freelancer, the actions of Grey Hats often are driven by the highest bidder.

That seems to be the case in this scenario, with the FBI paying a one-time fee (aka cash prize) to the hackers who were able to offer up a solution. The FBI is no way obligated to give their "hack" to Apple. James B. Comey, the FBI Director, has commented as far as to say that this flaw only exists in the iOS 9 operating system. All the same, if the government is in place to serve citizens, why would they not offer this vulnerability to Apple so that they might patch the problem?

“...They would fix the problem, and then we’re back where we started…” said Comey.

In other words, if they share information, they would lose their backdoor. That's something to ponder, isn't it?  Here, the FBI incentivized the delivery of a backdoor into private data, which in itself represents an unconstitutional tool for violating privacy. It is, after all, a bypass to warrants and due process.

So what does this mean for HeroX, XPRIZE, and other incentive prize communities?

Do Know Evil.

...and Don’t Be Evil.

These mantras, early bylines in Google’s Code of Conduct express the ethical responsibility of the people who create and maintain the digital infrastructure which makes a global economy, space travel, and urban living -- just to name a few -- possible.

Every time you are offered money to solve a problem or create an innovation…think carefully about it. What will come of your work?

Money is helpful, but we must consider that every innovation has a ripple effect into the future, and when we give those solutions to powerful entities, that ripple can become a tsunami.  It’s easy to feel jaded. To believe that if you don’t take the money, someone else will...and you’re probably right. Still, that shouldn't be the premise on which compromise your principles as a global citizen. Who can say if these Grey Hats working for the FBI were wrong or right? They call themselves researchers, and they needed funding. That’s understandable enough.

But following a long line of Edward Snowden, Xiao Tian, Samy Kamkar, Matthew Keys, and Frank Abagnale… It’s important to know that even if you think that what you do is straightforward or benign...significant decision points will find you, and in those moments, you’ll have to decide: are you a White Hat, Black Hat, or Grey Hat?


  • Denis Bill Aug. 27, 2018, 1:39 a.m. PDT
    Thank you for sharing this insight. I have not heard of the term "Grey Hat" before, and now it makes sense.
  • John Buckovetz July 22, 2018, 1:39 p.m. PDT
    What the water upstream of you looks, tastes and smells like, headed your way right now, where it's going and what it's mixing with. Snow's map everywhere, all the time.
  • Hannah Baker July 12, 2018, 2:28 a.m. PDT
    Thanks for sharing such an important information.
  • Doug Jan. 16, 2018, 10:40 p.m. PST
    Thank you for sharing this insight. I have not heard of the term "Grey Hat" before, and now it makes sense.
    • John Buckovetz July 22, 2018, 1:40 p.m. PDT
      I'm a grey hat botter, been at it since before it was cool, see watercoin0 on twitter.
Non-Profit & Social Impact
lululemon announces the Healthier Community Challenge on HeroX
What if you could experience an environment that improved your well-being just by spending time in it? What would this look like to you? lululemon is…
1 min read
HeroX Tips: Your Crowdsourcing Timeline
Why is the challenge timeline important in crowdsourcing, when is it best to launch a challenge, what are the milestones that determine how long the project should run. All that and more tips and tricks that will help you launch a great crowdsourcing project or challenge, read inside.
1 min read
Crowdsourcing for Smart Cities
Innovation challenges are finding their place in healthcare, data science, renewable energy and more! You’ve likely heard of smart homes and other ‘s…
1 min read